75 matches found
CVE-2026-3494
In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...
CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass
In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...
CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass
In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...
EUVD-2026-9311
In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...
CVE-2026-3494
CVE-2026-3494 affects MariaDB Server (audit plugin) up to version 11.8.5. When the audit plugin is enabled and server_audit_events is filtered to QUERY_DCL/QUERY_DDL/QUERY_DML, an authenticated user issuing a SQL statement starting with -- or # may bypass logging, leading to incomplete audit reco...
CVE-2026-3494
In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...
CVE-2026-3494
In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...
MCP MariaDB Server 安全漏洞
MCP MariaDB Server is a server implementation of the MariaDB open-source large language model context protocol. Versions of MCP MariaDB Server 11.8.5 and earlier contain security vulnerabilities. These vulnerabilities arise when the server audit plugin is enabled and specific filtering events are...
PT-2026-22790
Name of the Vulnerable Software and Affected Versions MariaDB versions through 11.8.5 Description When the server audit plugin is enabled with the server audit events variable configured with QUERY DCL, QUERY DDL, or QUERY DML filtering, SQL statements prefixed with double-hyphen — or hash style...
Malicious Package
Overview vite-audit-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2017-9676
Malware in sbrugna...
EUVD-2022-2344
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-2572
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Audit Plugin. Supported versions that are affected are 5.7.28 and prior and 8.0.18...
CVE-2019-1003077
A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
The vulnerability of the audit plugin (of the TracePluginImpl class in the TracePluginImpl module) of the “Red Database” database management system allows a perpetrator to influence audit records.
The vulnerability of the audit plugin of the TracePluginImpl class within the TracePluginImpl module of the “Red Database” database management system relates to the possibility of assigning incorrect severity and facility parameters to certain events when these events are recorded in the OS syslo...
PT-2024-25544 · Weblizar · Weblizar School Management Pro
Name of the Vulnerable Software and Affected Versions: Weblizar School Management Pro versions through 10.3.4 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation...
GHSA-V89Q-C273-3P42 Craft CMS Audit Plugin Cross Site Scripting vulnerability
Cross Site Scripting XSS vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation...
Craft CMS Audit Plugin Cross Site Scripting vulnerability
Cross Site Scripting XSS vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation...
CVE-2023-36259
Cross Site Scripting XSS vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation...
CVE-2023-36259
Cross Site Scripting XSS vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation...